Embodiment
The disclosure relates generally to the system and method analyzed for the redundant safety eliminated to network packet.Such as will be
Explain in more detail below, include computing device in a computer network by verifying, various systems described herein and
The computing device that method can be provided by checking can expose its security capabilities and/or leak and be not present and be joined by hostile network
The secured computing environment of the risk utilized with person.By provide by checking computing device can expose its security capabilities and/
Or leak and in the absence of the secured computing environment of risk utilized by hostile network participant, various systems described herein and
Method can also make the network equipment (such as, network gateway) can determine the safety system on the computing device by checking
Whether system meets predefined safety standard.
In addition, by making the network equipment can determine whether the security system on the computing device by checking is full
The predefined safety standard of foot, various systems and methods described herein can be eliminated to being sent to the computing device by checking
Network packet redundant safety analysis.In addition, by eliminating the network packet to being sent to the computing device by checking
Redundant safety analysis, various systems and methods described herein can aid in protection Internet resources and/or improve calculate
The overall performance of machine network.
The exemplary system analyzed the redundant safety for eliminating to network packet is provided hereinafter with reference to Fig. 1 to Fig. 2
The detailed description of system.The detailed description to corresponding computer implemented method will be provided with reference to Fig. 3.It will be provided with reference to Fig. 4 to hair
The detailed description of exemplary information toward the exemplary network packet of destination computing device and on destination computing device.Separately
Outside, the example calculation to one or more embodiments described herein can be implemented will be provided respectively in connection with Fig. 5 and Fig. 6
The detailed description of system and network architecture.
Fig. 1 is the block diagram for the example system 100 analyzed for the redundant safety eliminated to network packet.So figure
Shown in, example system 100 can include being used for the one or more modules 102 for performing one or more tasks.For example, simultaneously
And as that will be explained in greater detail below, example system 100 can include blocking module 104, blocking module 104 is programmed to
At least one network packet for being sent to destination computing device is intercepted at the network equipment.Example system 100 can also include
Identification module 106, identification module 106 are programmed to the security system that identification is arranged on destination computing device.
In addition, and such as will be described in greater detail below, example system 100 can include determining that module 108, it is determined that
The security system that module 108 is programmed to determine to be arranged on destination computing device is unsatisfactory for predefined safety standard.Example
Sexual system 100 can also include security module 110, and security module 110, which is programmed to be based at least partially on, to be determined to be arranged on mesh
Security system on mark computing device is unsatisfactory for predefined safety standard, and satisfaction is performed to network packet at the network equipment
The safety analysis of predefined safety standard.
In addition, and such as will be described in greater detail below, example system 100 can include authentication module 112, checking
Module 112 is programmed to verify destination computing device.Example system 100 can also include information module 114, information module
114 are programmed to acquisition on the information of destination computing device and store the information on destination computing device so that network is set
It is standby to be able to access that information, to identify the security system being arranged on destination computing device.Although one or more of Fig. 1 moulds
Block 102 is shown as single element, but module 102 can represent individual module or application program (such as, Symantec
(SYMANTEC) network security) some.
In some embodiments, one or more of Fig. 1 modules 102 can represent one or more software application journeys
Sequence or program, the software application or program can make computing device one or more when by computing device
Task.For example, and such as will be described in greater detail below, one or more modules 102 can represent software module, described soft
Part module is stored and is configured to that (such as, the equipment shown in Fig. 2 is (for example, target meter in one or more computing devices
Calculate equipment 202, the server 206 based on cloud, and/or the network equipment 208)), the computing system 510 in Fig. 5, and/or in Fig. 6
Example network architecture 600 some on run.One or more of Fig. 1 modules 102 can also represent quilt
It is configured to perform the whole or some of one or more special-purpose computers of one or more tasks.
As shown in fig. 1, example system 100 can also include one or more network packets, such as network data
Bag 118.For example, network packet 118 can include all or part of data for representing file.In this example, net
Network packet 118 can include payload and/or metadata (such as, identifies the source of payload and/or the number of destination
According to).In addition, the source that network packet 118 can come from internet or be included in computer network (such as, in-house network) calculates
Equipment.
Example system 100 in Fig. 1 can be implemented with various ways.For example, the whole of example system 100 or one
Part can represent some of the example system 200 in Fig. 2.As shown in Figure 2, system 200 can include via net
The network equipment 208 that server 206 of the network 204 with destination computing device 202 and based on cloud communicates.
The network equipment 208 can be programmed with one or more modules 102, and/or can have and be sent to target calculating
The intercepted network packet 118 of equipment 202.Additionally or alternatively, the server 206 based on cloud can be programmed with one
Individual or multiple modules 102, and/or can store information 210 on destination computing device 202 all or part of and/or
For verifying the validation database 212 of destination computing device 202.Additionally or alternatively, destination computing device 202 can include peace
Total system 216, and/or for promoting renewal to be stored in the checking token 214 of information 210 on the server 206 based on cloud.
In one embodiment, one or more modules 102 from Fig. 1 can be by the network equipment 208 and/or base
The network equipment 208 and/or the server 206 based on cloud is promoted to disappear when at least one computing device of the server 206 of cloud
Except the redundant safety analysis to network packet.For example, and such as it will be described in greater detail below, one or more modules
102 can make the network equipment 208 and/or the server 206 based on cloud:(1) the network number for being sent to destination computing device 202 is intercepted
According to bag 118;(2) identification is arranged on the security system 216 on destination computing device 202;(3) determine to be arranged on destination computing device
Security system 216 on 202 is unsatisfactory for predefined safety standard;And (4) are based at least partially on determination and are arranged on target
Security system 216 on computing device 202 is unsatisfactory for predefined safety standard, and network packet 118 is performed and meets to make a reservation for
The safety analysis of the safety standard of justice.
Destination computing device 202 typicallys represent the calculating of any types or form that can read computer executable instructions
Equipment.The example of computing device 202 includes but is not limited to:Laptop computer, tablet PC, desktop computer, server,
In cell phone, personal digital assistant (PDA), multimedia player, embedded system, said one or multiple combinations, Fig. 5
Exemplary computer system 510, and/or any other suitable computing device.
Server 206 based on cloud typically represent be able to verify that including other computing devices in a computer network and/
Or any class of the storage on one or more computing devices of the information including other computing devices in a computer network
The set of type or form.The example of server 206 based on cloud includes but is not limited to:It is configured to run some software application journeys
Sequence and/or apps server, the webserver, the storage service that various networks, storage and/or database service are provided
Device, and/or database server.
The network equipment 208, which typicallys represent, to be intercepted, forward network packet and/or otherwise promote network number
According to bag any types of another computing device or the computing device of form are transferred to from a computing device.The network equipment 208
Example include but is not limited to:It is network gateway, default gateway, router, node, laptop computer, tablet PC, desk-top
Computer, server, cell phone, personal digital assistant (PDA), multimedia player, embedded system, said one or more
Exemplary computer system 510 in individual combination, Fig. 5, and/or any other network equipment.
Network 204 typicallys represent any medium or architecture that can promote communication or data transmission.The reality of network 204
Example includes but is not limited to:In-house network, TCP/IP networks, wide area network (WAN), LAN (LAN), PAN (PAN), interconnection
Exemplary network in net, power line communication (PLC), cellular network (for example, global system for mobile communications (GSM) network), Fig. 6
Architecture 600 etc..Network 204 can promote to transmit using the communication or data that wirelessly or non-wirelessly connect.In an implementation
In mode, network 204 can promote between the network equipment 208, destination computing device 202 and/or server 206 based on cloud
Communication.
Security system 216 typicallys represent the fail-safe software of any types or form, and it, which is configured to protect, is stored in calculating
The good operation of any information in equipment and/or protection information exempt from the destruction of potential rogue activity.Security system 216
Example includes but is not limited to:Independent security system, the security client for being incorporated to distribution or the security system based on cloud, anti-disease
Malicious security system (for example, the promise of Symantec anti-virus), internet security systems are (for example, the promise of Symantec interconnection
Net safety), network safety system (for example, network security of Symantec), firewall security system, said one or multiple
Combination, and/or any other suitable security system.
Fig. 3 is the stream for the illustrative computer implementation 300 analyzed for the redundant safety eliminated to network packet
Cheng Tu.The step of shown in Fig. 3, can be performed by any suitable computer-executable code and/or computing system.One
Can be by the system 100 in Fig. 1, the system 200 in Fig. 2, the calculating system in Fig. 5 in a little embodiments, the step of shown in Fig. 3
One or more of multiple components of example network architecture 600 in 510 and/or Fig. 6 of system perform.
As shown in Figure 3, it can intercept and be sent in one or more of step 302, various systems described herein
At least one network packet of destination computing device.For example, blocking module 104 can block as the part of the network equipment 208
Cut the network packet 118 for being sent to destination computing device 202.In this example, network packet 118 can include representing extremely
The all or part of data of a few file.
System as described herein can perform step 302 with various ways.In an example, destination computing device
202 can submit request to obtain some data on the computing device for the network-external for being stored in destination computing device.For example,
Destination computing device 202 can submit request (not show in Fig. 2 via the server of the addressable website in internet from trustship
Go out) download specific file.In this example, server can be initiated network packet 118 being transferred in response to request
Destination computing device 202.Network packet 118 can include representing the file asked from server by destination computing device 202
All or part of data.
As shown in Figure 4, network packet 118 can include:Metadata, it is specified with including in a computer network
The associated destination-address (in this example, " A0-88-B4-78-4D-08 ") of destination computing device;And effectively carry
Lotus, all or part of data of its at least one file for including representing to be downloaded by destination computing device are (in this reality
In example, " 0x1738F12A ":To " 0xD128B379 ").In an example, the destination identified in the metadata of packet
Address can include medium plan (MAC) address for being assigned to destination computing device 202.
Destination computing device 202 is reached all the way as network packet 118 enters computer network, and blocking module 104 can
With the intercepting network data package 118 at the network equipment 208.For example, as network packet 118 is towards destination computing device 202
Advance, blocking module 104 can at the network equipment 208 receiving network data bag 118.In this example, and such as will be
It is described in more detail below, the network equipment 208 with network data package 118 and can prevent network packet 118 towards mesh
Mark computing device 202 advances, and whether meets predetermined safety post at least up to the security capabilities for determining destination computing device 202
It is accurate.
In some instances, the network equipment 208 can represent gateway, its enable destination computing device 202 receive and/or
Access the data being stored on the different computing devices being included in same computer network or different computer networks.One
In individual example, the network equipment 208 can serve as the fire wall of computer network.Additionally or alternatively, the network equipment 208 can fill
When the interface for implementing the communication protocol different from the computer network including destination computing device 202.
As shown in Figure 3, installation can be identified in one or more of step 304, various systems described herein
Security system on destination computing device.For example, identification module 106 can identify installation as the part of the network equipment 208
Security system 216 on destination computing device 202.In this example, security system 216 may be configured to protection storage
The good operation of information on destination computing device 202 and/or protection information exempt from the destruction of potential rogue activity.
System as described herein can perform step 304 with various ways.In some instances, identification module 106 can
To access on the information of destination computing device 202 to identify the security system being arranged on destination computing device 202.For example,
Identification module 106 can access the information 210 on destination computing device 202 to the request of server 206 based on cloud.At this
In example, the server 206 based on cloud can examine the network equipment 208 before identification module 106 is able to access that information 210
Whether there is enough administrative powers to access the information on destination computing device 202.Examined in the server 206 based on cloud
After the network equipment 208 has enough administrative powers, identification module 106, which can access, to be stored on the server 206 based on cloud
Information 210 with identify be arranged on destination computing device 202 on security system.
As shown in Figure 4, information 210 can specify particular computing device (in this example, " destination computing device
202 "), it is assigned to the network address (in this example, " A0-88-B4-78-4D-08 ") of computing device, installed in calculating
Security system (in this example, " promise of Symantec anti-virus "), the safety of installation on the computing device in equipment
The current state (in this example, " unlatching ") of system, the date of the newest security update of security system are (in this example
In, " 09/15/2012 "), and the brand of computing device and/or model (in this example, " association THINKPAD
T430”)。
In an example, identification module 106 can identify specified destination in the metadata of network packet
Address.For example, identification module 106 can analyze the metadata being included in network packet 118, and it is based at least partially on
This is analyzed to determine that network packet 118 is sent to the computing device associated with network address " A0-88-B4-78-4D-08 ".
In this example, identification module 106 can compare in the metadata of network packet specified destination-address with
Specified network address " A0-88-B4-78-4D-08 " in information 210.Then, identification module 106 can at least part ground
Relatively determine that network packet 118 is sent to destination computing device 202 in this.
In an example, after it is determined that network packet 118 is sent to destination computing device 202, identification module 106 can be with
Identification is arranged on the security system on destination computing device 202.For example, identification module 106 may search for being arranged on target calculating
The information 210 of security system in equipment 202.In this example, identification module 106 can be arranged on target in search and calculate
Security system 216 is identified while information 210 of security system in equipment 202.
Additionally or alternatively, identification module 106 can determine that no security system is currently installed in destination computing device 202
On.For example, destination computing device 202 may also be fitted without security system.In this example, identification module 106 can be searched
Rope is arranged on the information on destination computing device 202 of any security system on destination computing device 202.Then, identify
Module 106 may fail identification while information of the search on destination computing device 202 and be arranged on destination computing device 202
On any security system.
In some instances, the server 206 based on cloud, which can be verified, is included in one or more of computer network
Computing device.For example, authentication module 112 can add computer network posteriority as the part of the server 206 based on cloud
Demonstrate,prove destination computing device 202 and/or the network equipment 208.Destination computing device is verified by using the server 206 based on cloud
202 and/or the network equipment 208, authentication module 112 may insure that computer network provides destination computing device 202 and/or network
Equipment 208 can expose its security capabilities and/or leak and be counted in the absence of the safety of the risk utilized by hostile network participant
Calculate environment.
In an example, authentication module 112 can obtain user certificate from the user of destination computing device 202.For example,
Authentication module 112 can enable the user of destination computing device 202 create the user name associated with computer network and close
Code.In this example, authentication module 112 and then can be by the user name and close of user's establishment by destination computing device 202
Code is stored in validation database 212.
In an example, authentication module 112 can obtain the username and password of the user of destination computing device 202
(at least one occasion), to verify destination computing device 202 using the server 206 based on cloud.For example, the network equipment
208 can detect that destination computing device 202 attempts to join computer network.In this example, target calculating is being detected
After equipment 202 attempts to join computer network, the network equipment 208 can be with the user name of the user of request target computing device 202
And password.
In an example, the network equipment 208 can receive the use of the user of destination computing device 202 in response to request
Name in an account book and password.In this example, after the username and password of user of destination computing device 202 is received, the network equipment
208 can be supplied to username and password authentication module 112.Authentication module 112 may then pass through search validation database
212 username and password and username and password is identified during search, use the server 206 based on cloud to verify target
Computing device 202.
In similar example, authentication module 112 can obtain user certificate from the user of the network equipment 208.For example, test
Card module 112 can enable the network manager associated with the network equipment 208 create the use associated with computer network
Name in an account book and password.In this example, then authentication module 112 can deposit the username and password created by network manager
Storage is in validation database 212.
In an example, authentication module 112 can obtain the user of the network manager associated with the network equipment 208
Name and password (at least one occasion), to verify the network equipment 208 using the server 206 based on cloud.For example, network pipe
Reason person can start the network equipment 208 to start to promote transmission of the packet in computer network.In this example, opening
During dynamic process, the network equipment 208 can ask the username and password of the network manager associated with the network equipment 208.
In an example, the network equipment 208 can in response to request the username and password of receiving network managing person.
In this example, after the username and password of receiving network managing person, the network equipment 208 can carry username and password
Supply authentication module 112.Authentication module 112 may then pass through the username and password of search validation database 212 and
Username and password is identified during search, the network equipment 208 is verified using the server 206 based on cloud.
In some instances, the server 206 based on cloud can be used from one or more of computer network is included in
Family and/or computing device obtain information 210.For example, information module 114 can be looked into as the part of the server 206 based on cloud
Ask the information on destination computing device 202 of destination computing device 202 and/or the network equipment 208.Additionally or alternatively, believe
Breath module 114 can inquire about destination computing device 202 user and/or the keeper associated with the network equipment 208 on
The information of destination computing device 202.In response to these inquiries, information module 114 (can such as, surpass via secure communication protocols
Text-safe transportation protocol (HTTPS)) information of the reception on destination computing device 202, and will be on destination computing device
202 information is stored as the information 210 on the server 206 based on cloud.
In some instances, authentication module 112 can provide checking order during verification process for destination computing device 202
Board.For example, authentication module 112, which can be destination computing device 202, provides checking token 214, checking token 214 is configured to draw
Lead the fresh information 210 of destination computing device 202.In an example, verify that token 214 can be with guiding target computing device 202
The periodically fresh information 210 (for example, weekly).In another example, verify that token 214 can be with guiding target computing device
202 in response to detecting at least one modification to security system 216 (for example, security update, the current state of security system
Change, and/or new security system) or network address to equipment at least one modification (for example, new network address) and
Fresh information 210.
In an example, it can be that authentication module 112 provides identification with guiding target computing device 202 to verify token 214
The renewal of modification to security system 216 or the network address of equipment.In this example, authentication module 112 can be via peace
Full communication agreement receives from destination computing device 202 to be updated.Then authentication module 112 can be based at least partially on from target meter
That calculates the reception of equipment 202 more newly arrives fresh information 210 to consider the modification to security system 216 or the network address of equipment.
As shown in Figure 3, can determine to install in one or more of step 306, various systems described herein
Security system on destination computing device is unsatisfactory for predefined safety standard.For example, determining module 108 can be used as network
The security system 216 that the part of equipment 208 determines to be arranged on destination computing device 202 is unsatisfactory for predefined safety standard.
The security system that phrase " predefined safety standard " used herein generally refers to be arranged on destination computing device can
The qualification or requirement of any types or form of particular safety analysis are performed to network packet.
System as described herein can perform step 306 with various ways.In some instances, determining module 108 can
To identify the predefined safety standard forced by computer network.In such example, determining module 108 can determine pre-
The safety standard requirement network packet 118 of definition undergoes particular safety analysis.The example of this safety analysis includes but unlimited
In:One or more specific ID S analyses, IPS analyses, anti-virus analysis, fire wall analysis, the safety analysis based on prestige, base
In didactic safety analysis, the safety analysis based on signature, said one or multiple combinations, and/or any other is suitable
Safety analysis.
In some instances, determining module 108 can be accessed on the security system on destination computing device 202
216 information is to determine whether security system 216 meets predefined safety standard.For example, determining module 108 can access pass
In the information for the security system 216 being locally stored on the network equipment 208.In another example, determining module 108 can access
On the information for the security system 216 being remotely stored on the server 206 based on cloud.In another example, determining module 108
Can be via information of the internet access on security system 216.
In some instances, after the information on security system 216 is accessed, determining module 108 can compare on peace
The information of total system 216 and predefined safety standard, to determine whether security system 216 is able to carry out by predefined at present
Safety analysis needed for safety standard.For example, determining module 108 can identify the meaning in the information on security system 216
The security capabilities of fixed security system 216.In this example, determining module 108 can compare the safe energy of security system 216
Power with as the safety analysis needed for predefined safety standard.
Then, it is determined that module 108, which can be based at least partially on this, relatively determines that security system 216 can not be held at present
Row is as the safety analysis needed for predefined safety standard.Such as it will be described in greater detail below, by determining to be arranged on target
Security system 216 on computing device 202 meets predefined safety standard, and determining module 108 can enable security module 110
Enough eliminate is analyzed the redundant safety that network packet 118 performs.
In some instances, determining module 108 can also determine that security system 216 meets different safety standards.For example,
Determining module 108 can identify the different safety standards forced by computer network.In this example, determining module 108
It can determine that different predefined safety standard requirement network packets 118 undergoes different safety analyses.This is different
The example of safety analysis includes but is not limited to:One or more specific ID S analyses, IPS analyses, anti-virus analysis, fire wall point
Analysis, the safety analysis based on prestige, based on didactic safety analysis, the safety analysis based on signature, said one or multiple
Combination, and/or any other suitable safety analysis.
In an example, determining module 108 can compare information on security system 216 from it is different predefined
Safety standard.In this example, determining module 108 can be based at least partially on this and relatively determine security system 216
It is able to carry out at present as the different safety analyses needed for different predefined safety standards.
In instantiation, determining module 108 can determine that security system 216 can not be performed by predefined safety standard
Required specific ID S and IPS analysis (because such as security system 216 does not perform any IDS or IPS analysis, or by security system
216 IDS performed and IPS analyses are out-of-date).However, determining module 108 can also determine to be arranged on destination computing device
Security system 216 on 202 is able to carry out as the specific anti-virus and fire wall needed for different predefined safety standards point
Analysis.
As shown in Figure 3, can be at least partly in one or more of step 308, various systems described herein
Ground is unsatisfactory for predefined safety standard based on the security system for determining to be arranged on destination computing device, and network packet is held
Row meets the safety analysis of predefined safety standard.For example, security module 110 can as the network equipment 208 part extremely
It is at least partly based on the security system 216 for determining to be arranged on destination computing device 202 and is unsatisfactory for predefined safety standard, it is right
Network packet 118 performs the safety analysis for meeting predefined safety standard.In other words, security module 110 can be in net
Safety analysis is performed to network packet 118 at network equipment 208, because the security system on destination computing device 202
216 can not perform as the safety analysis needed for predefined safety standard at present.
System as described herein can perform step 308 with various ways.In some instances, security module 110 can
To perform safety analysis to network packet 118 before network packet 118 is forwarded into destination computing device 202.One
In individual example, security module 110 can be based at least partially on safety analysis to determine that network packet 118 is not calculated target
Equipment 202 forms known security risk.In this example, security module 110 and then can be by network packet 118 from net
Network equipment 208 is forwarded to destination computing device 202 because network packet 118 destination computing device 202 is not formed it is known
Security risk.
In another example, security module 110 can be based at least partially on safety analysis to determine network packet 118
Known security risk is formed to destination computing device 202.In this example, security module 110 then can be with isolation network
Packet 118 (for example, by preventing network packet 118 from proceeding to destination computing device 202), rather than by network packet
118 are forwarded to destination computing device 202 from the network equipment 208.
In some instances, meet in response to the security system 216 for determining to be arranged on destination computing device 202 different
Network packet 118 can be forwarded to target calculating from the network equipment 208 and set by predefined safety standard, security module 110
Standby 202, without different safety analyses is performed to network packet 118 at the network equipment 208.In other words, security module
110 can abandon performing network packet 118 the different safety analyses as needed for different predefined safety standards, because
Different safety analyses can be performed to network packet 118 for the security system 216 on destination computing device 202.
In instantiation, security module 110 can be performed as needed for predefined safety standard to network packet 118
IDS and IPS analyses because the security system 216 on destination computing device 202 can not perform these IDS and IPS point
Analysis.On the contrary, network packet 118 can be forwarded to destination computing device 202 by security module 110, without performing by different
Specific anti-virus and fire wall analysis needed for predefined safety standard, because the peace on destination computing device 202
Total system 216 is able to carry out these anti-virus and fire wall analysis.
Explained that computer network can be eliminated to being sent to the calculating by checking as explained above with the method 300 in Fig. 3
The redundant safety analysis of the network packet of equipment.For example, can provide can by the computing device of checking for computer network
Expose its security capabilities and/or leak and the secured computing environment of the risk utilized by hostile network participant is not present.Work as meter
When the user of calculation equipment attempts to join computer network, user may need to use the server based on cloud of network to perform to it
The disposable checking of computing device.During this verification process, the computing device of user can be the clothes based on cloud of network
Business device provides the information for any security system that identification is currently installed on computing device.
Then server based on cloud can provide information to net from the computing device receive information of user according to request
The gateway device of network.For example, the user of computing device can attempt to from loading internet document.As file enters computer network
Network reaches the computing device of user all the way, and the gateway device of network can intercept file and inquire about the knowledge of the server based on cloud
The information of security system that An Zhuan be on the computing device of user.In response to come automatic network gateway device this inquiry,
Server based on cloud can provide the information of security system of the identification on the computing device of user for gateway device.
The gateway device of network can be from the server receive information based on cloud, and then use information determines the meter of user
Calculate the predefined safety standard whether equipment meets to be forced by computer network.For example, gateway device can with comparison information with
Predefined safety standard, to determine whether the security system on the computing device of user is able to carry out by making a reservation at present
At least one safety analysis needed for the safety standard of justice.In this example, gateway device can be based at least partially on ratio
Relatively determine that security system can not perform as the safety analysis needed for predefined safety standard at present.It is determined that security system mesh
Before can not perform safety analysis after, gateway device can perform peace before file is forwarded into the computing device of user to file
Complete analysis.
By determining that the security system on the computing device of user can not perform safety analysis, gateway device at present
The different computing devices that may insure to include in a computer network do not perform identical safety analysis to file redundancy.Separately
Outside, identical is not performed by the different computing devices for ensuring to include in a computer network to divide safely to file redundancy
Analysis, gateway device can aid in protection Internet resources and/or improve the overall performance of network.
Fig. 5 is the exemplary computer system that can implement one or more embodiments that are described herein and/or showing
510 block diagram.For example, all or part of of computing system 510 can be combined to perform individually or with other elements
And/or described herein intercept, identify, determine, perform, provide, verify, obtain, store, search to perform as a kind of means
Rope, compare, receive, updating, forwarding and one or more of isolation step.All or part of of computing system 510 also may be used
To perform and/or be performed as a kind of means described herein and/or explanation any other step, method or process.
Computing system 510 broadly represents to be able to carry out any uniprocessor or multiprocessor meter of computer-readable instruction
Calculate equipment or system.The example of computing system 510 includes but is not limited to:Work station, laptop computer, client-side terminal,
Server, distributed computing system, handheld device, or any other computing system or equipment.In its most basic configuration, meter
Calculation system 510 can include at least one processor 514 and system storage 516.
Processor 514 typicallys represent being capable of processing data or interpretation and any types of execute instruction or the processing list of form
Member.In some embodiments, processor 514 can receive instruction from software application or module.These instructions can make
Processor 514 performs the function of one or more illustrative embodiments that are described herein and/or showing.
System storage 516 typically represent any types of being capable of data storage and/or other computer-readable instructions or
The volatibility or non-volatile memory device or medium of form.The example of system storage 516 includes but is not limited to:Arbitrary access
Memory (RAM), read-only storage (ROM), flash memory, or any other suitable memory devices.Although do not really want
Ask, but in some embodiments, computing system 510 can include volatile memory-elements simultaneously (for example, system is deposited
Reservoir 516) and non-volatile memory device (for example, main storage device 532, as described in detail).In an example, come
Can be with loaded into system memory 516 from Fig. 1 one or more modules 102.
In some embodiments, in addition to processor 514 and system storage 516, exemplary computer system 510 also may be used
With including one or more assemblies or element.For example, as shown in Figure 5, computing system 510 can include Memory Controller
518th, input/output (I/O) controller 520 and communication interface 522, can each of wherein enter via the communications infrastructure 512
Row interconnection.The communications infrastructure 512 typicallys represent appointing for the communication between the one or more assemblies that can promote computing device
The infrastructure of what type or form.The example of the communications infrastructure 512 includes but is not limited to:Communication bus (such as, industry mark
Quasi- architecture (ISA), peripheral component interconnection (PCI), PCI Express (PCIe), or similar bus) and network.
Memory Controller 518 typicallys represent one for can handling memory or data or controlling computing system 510
Or any types of the communication between multiple components or the equipment of form.For example, in some embodiments, Memory Controller
518 can be between the control processor 514 of the communications infrastructure 512, system storage 516 and I/O controllers 520 it is logical
Letter.
I/O controllers 520 typically represent any class of the input that can coordinate and/or control computing device and output function
The module of type or form.For example, in some embodiments, I/O controllers 520 can control or promote computing system 510
Between one or more elements data transmission, the element such as processor 514, system storage 516, communication interface 522,
Display adapter 526, input interface 530, and memory interface 534.
Communication interface 522 broadly represents that exemplary computer system 510 and one or more extra equipment can be promoted
Between any types of communication or the communication equipment of form or adapter.For example, in some embodiments, communication interface
522 can promote the communication between computing system 510 and special or public network including extra computing system.Communication interface
522 example includes but is not limited to:Wired network interface (such as, NIC), radio network interface (such as, wireless network
Network interface card), modem, and any other suitable interface.In at least one embodiment, communication interface 522
It is able to will be directly connected to be supplied to remote server via the direct link to network (such as, internet).Communication interface 522
Can be for example, by LAN (such as, Ethernet), PAN, phone or cable system, cell phone connection, satellite number
This connection is provided indirectly according to connection or any other suitable connection.
In some embodiments, communication interface 522 can also represent host adapter, and the host adapter is configured
Promote into via external bus or communication channel between computing system 510 and one or more extra networks or storage device
Communication.The example of host adapter includes but is not limited to:Small computer system interface (SCSI) host adapter, general serial
Bus (USB) host adapter, the host adapter of Institute of Electrical and Electric Engineers (IEEE) 1394, Advanced Technology Attachment
(ATA), Parallel ATA (PATA), serial ATA (SATA), and outside SATA (eSATA) host adapter, fibre channel interface
Adapter, Ethernet Adaptation Unit etc..Communication interface 522 can also allow computing system 510 to be engaged in distributed or remote computation.
For example, communication interface 522 can receive instruction from remote equipment or send an instruction to remote equipment to perform.
As shown in Figure 5, computing system 510 can also include at least one display device 524, display device 524 via
Display adapter 526 is coupled to the communications infrastructure 512.Display device 524 typically represent can visually show it is suitable by showing
Any types of information or the equipment of form that orchestration 526 forwards.Similarly, display adapter 526, which typicallys represent, is configured to
Forwarded from the communications infrastructure 512 (or from frame buffer as known in the art) for being shown on display device 524
The equipment of figure, any types of text and other data or form.
As shown in Figure 5, exemplary computer system 510 can also include at least one input equipment 528, input equipment
528 are coupled to the communications infrastructure 512 via input interface 530.Input equipment 528 typicallys represent can be by computer or artificial
The input of generation is supplied to any types of exemplary computer system 510 or the input equipment of form.The example of input equipment 528
Including but not limited to:Keyboard, sensing equipment, speech recognition device, or any other input equipment.
As shown in Figure 5, exemplary computer system 510 can also include being coupled to communication infrastructure via memory interface 534
The main storage device 532 and backup storage device 533 of facility 512.Storage device 532 and 533 typicallys represent being capable of data storage
And/or any types of other computer-readable instructions or the storage device of form or medium.For example, storage device 532 and 533
Can be disc driver (for example, so-called hard disk drive), solid-state drive, floppy disk, tape drive, CD
Driver, flash drive etc..Memory interface 534 is typicallyed represent in storage device 532 and 533 and computing system 510
Other assemblies between transmit data any types or form interface or equipment.In an example, the data from Fig. 2
Storehouse 212 can be stored in main storage device 532.
In some embodiments, storage device 532 and 533 may be configured to from removable memory module read and/
Or removable memory module is written to, the removable memory module is configured to store computer software, data, or other meters
Calculation machine readable information.The example of suitable removable memory module includes but is not limited to:Floppy disk, tape, CD, flash memory
Equipment etc..Storage device 532 can also include other similar structures or equipment with 533, and the structure or equipment are used to permit
Perhaps computer software, data or other computer-readable instructions are loaded into computing system 510.For example, the He of storage device 532
533 may be configured to read and write software, data, or other computer-readable informations.Storage device 532 and 533 also may be used
To be a part for computing system 510 or can be the single equipment being accessed by other interface systems.
Many other equipment or subsystem may be coupled to computing system 510.On the contrary, all component shown in Fig. 5
Need not exist with equipment to put into practice embodiment that is described herein and/or showing.Equipment mentioned above and subsystem also may be used
To be interconnected in a manner of different from shown in Fig. 5.Computing system 510 can also utilize any amount of software, firmware and/
Or hardware configuration.For example, one or more illustrative embodiments disclosed herein can be encoded as computer-readable deposit
Computer program (also referred to as computer software, software application, computer-readable instruction, or computer on storage media
Control logic).Phrase " computer-readable recording medium " generally refers to store or carry any of computer-readable instruction
Equipment, carrier or the medium of form.The example of computer-readable recording medium includes but is not limited to:Transmission type media, such as carry
Ripple;And non-transitory type medium, such as magnetic-based storage media (for example, hard disk drive and floppy disk), optical storage medium (example
Such as, compact disk (CD) or digital video disk (DVD)), electronic storage medium (for example, solid-state drive and flash media),
With other compartment systems.
Computer-readable recording medium comprising computer program can be loaded into computing system 510.It is stored in calculating
Computer program on machine readable storage medium storing program for executing all or part of then can be stored in system storage 516 and/or
In each several part of storage device 532 and 533.When the computer program being loaded into computing system 510 is performed by processor 514,
The computer program can make processor 514 perform and/or perform as a kind of means described herein and/or show
The function of one or more illustrative embodiments.Additionally or alternatively, one or more that is described herein and/or showing is shown
Example property embodiment can be implemented with firmware and/or hardware.For example, computing system 510 may be configured to be adapted for carrying out this
The application specific integrated circuit (ASIC) of one or more illustrative embodiments disclosed in text.
Fig. 6 is the block diagram of example network architecture 600, wherein FTP client FTP 610,620 and 630 and service
Device 640 and 645 may be coupled to network 650.As detailed above, all or part of of network architecture 600 can be individually
Or it is combined with other elements and disclosed herein intercept, identifies, determines, holds to perform and/or be performed as a kind of means
Go, provide, verifying, obtaining, storing, searching for, comparing, receiving, updating, forwarding and one or more of isolation step.Network
All or part of of architecture 600 can be used for performing and/or perform what is illustrated in the disclosure as a kind of means
Other steps and feature.
FTP client FTP 610,620 and 630 typicallys represent the computing device or system of any types or form, such as Fig. 5
In exemplary computer system 510.Similarly, server 640 and 645, which typicallys represent, is configured to provide various database services
And/or the computing device or system of some software applications of operation, such as apps server or database server.Net
Network 650 typicallys represent any telecommunications or computer network, including such as in-house network, WAN, LAN, PAN or internet.In a reality
In example, FTP client FTP 610,620 and/or 630 and/or server 640 and/or 645 can include the system 100 from Fig. 1
All or part of.
As shown in Figure 6, one or more storage devices 660 (1)-(N) can be attached directly to server 640.It is similar
Ground, one or more storage devices 670 (1)-(N) can be attached directly to server 645.Storage device 660 (1)-(N) and deposit
Storage (1)-(N) of equipment 670 typicallys represent any types for being capable of data storage and/or other computer-readable instructions or form
Storage device or medium.In some embodiments, storage device 660 (1)-(N) and storage device 670 (1)-(N) can be with tables
Show network attached storage (NAS) equipment, network attached storage (NAS) equipment is configured to use various agreements, such as net
Network file system (NFS), Server Message Block (SMB) or CIFS (CIFS) enter with server 640 and 645
Row communication.
Server 640 and 645 can also be connected to storage area network (SAN) structure 680.SAN fabric 680 typicallys represent
Any types of the communication between multiple storage devices or the computer network of form or architecture can be promoted.SAN fabric
680 can promote leading between server 640 and 645 and multiple storage devices 690 (1)-(N) and/or intelligent storage array 695
Letter.SAN fabric 680 can also promote FTP client FTP in this way via network 650 and server 640 and 645
610th, the communication between 620 and 630 and storage device 690 (1)-(N) and/or intelligent storage array 695:Equipment 690 (1)-(N)
Equipment is locally-attached with what array 695 was rendered as FTP client FTP 610,620 and 630.With storage device 660 (1)-(N) and depositing
It is identical to store up equipment 670 (1)-(N), storage device 690 (1)-(N) and intelligent storage array 695 typically represent being capable of data storage
And/or any types of other computer-readable instructions or the storage device of form or medium.
In some embodiments, and reference picture 5 exemplary computer system 510, communication interface is (such as, in Fig. 5
Communication interface 522) it can be used for providing connectivity between each FTP client FTP 610,620 and 630 and network 650.Client
End system 610,620 and 630 may can using such as web browser or other client softwares come access server 640 or
Information on 645.This software can allow FTP client FTP 610,620 and 630 access by server 640, server 645,
Storage device 660 (1)-(N), storage device 670 (1)-(N), storage device 690 (1)-(N) or the trustship of intelligent storage array 695
Data.Although Fig. 6 describes using network (such as, internet) to exchange data, described herein and/or explanation reality
The mode of applying is not limited to internet or any specific network environment.
In at least one embodiment, the whole of one or more illustrative embodiments disclosed herein or one
It point can be encoded as computer program and be loaded into server 640, server 645, storage device 660 (1)-(N), storage is set
In standby 670 (1)-(N), storage device 690 (1)-(N), intelligent storage array 695 or its any combinations and performed.Herein
All or part of of disclosed one or more illustrative embodiments can also be encoded as computer program, be stored in
In server 640, run by server 645, and FTP client FTP 610,620 and 630 is assigned to by network 650.
As detailed above, the one or more assemblies of computing system 510 and/or network architecture 600 can individually or
It is combined with other elements to perform and/or be performed as a kind of means for eliminating the redundant safety point to network packet
The one or more steps of the illustrative methods of analysis.
Although disclosed above elaborate various embodiments, this paper institutes using specific block diagram, flow chart and example
Each block diagram component, flow chart step, operation and/or the component for describing and/or showing can with the extensive hardware of use range,
Software or firmware (or its any combinations) configuration carry out independent and/or common implementing.In addition, component in other assemblies
Any disclosure should be considered as inherently exemplary, because can implement many other architectures to realize phase
Congenerous.
In some instances, all or part of of the example system 100 in Fig. 1 can represent cloud computing environment or base
In some of the environment of network.Cloud computing environment can provide various services and applications via internet.These bases
In cloud service (for example, software i.e. service, platform i.e. service, infrastructure i.e. service etc.) can by web browser or its
He conducts interviews at remote interface.Various functions described herein can by remote desktop environment or any other based on cloud
Computing environment provides.
In various embodiments, all or part of of the example system 100 in Fig. 1 can promote based on cloud
More leases in computing environment.In other words, software module described herein can match somebody with somebody computing system (for example, server)
It is set to the more leases promoted for one or more functions described herein.For example, one or more described herein is soft
Part module can run server programming on the server to make two or more clients (for example, client) to share
Application program.The server programmed by this way can sharing application program, operation among multiple clients (that is, tenant)
System, processing system, and/or storage system.One or more modules described herein can also be that each client segmentation is more
The data and/or configuration information of tenant's application program so that a client can not access data and/or the configuration of another client
Information.
According to various embodiments, all or part of of example system 100 in Fig. 1 can be real in virtual environment
Apply.For example, module described herein and/or data can be resident and/or perform in virtual machine.As used herein, phrase
" virtual machine " generally refers to any operation system abstracted by virtual machine manager (for example, management program) from computing hardware
System environment.Additionally or alternatively, module and/or data described herein can be resident and/or perform in virtualization layer.Such as
Phrase " virtualization layer " used herein generally refers to any data Layer for covering and/or being abstracted from operating system environment
And/or application layer.Virtualization layer can be managed by software virtualization solution (for example, file system filter), described
Software virtualization solution by virtualization layer be rendered as just look like virtualization layer be basis basic operating system part.Example
Such as, software virtualization solution can be by the calling weight of the position in initial orientation to basic file system and/or registration table
The position being directed in virtualization layer.
Procedure parameter and sequence of steps described herein and/or show only are provided by way of example and can roots
According to needing to change.For example, although it is as shown herein and/or description the step of may show or discuss with particular order, but these
Step is not necessarily required to perform by the order for showing or discussing.Various illustrative methods that are described herein and/or showing
One or more of the step of being described herein or showing can be omitted, or also includes volume in addition to those disclosed steps
Outer step.
Although describe and/or show various embodiment party in the case where giving full play to the background of computing system of function herein
Formula, but one or more of these illustrative embodiments can distribute as the program product of diversified forms, without
Consider the particular type of the computer-readable recording medium for being actually allocated.Embodiments disclosed herein can also
Implemented using the software module for performing some tasks.These software modules can include script, batch processing, or can be stored in
Other executable files on computer-readable recording medium or in computing system.In some embodiments, these software moulds
Block can be by computer system configurations into performing one or more illustrative embodiments disclosed herein.
In addition, one or more modules described herein can be by the expression of data, physical equipment and/or physical equipment
Another form is converted to from a kind of form.For example, one or more modules as described herein can intercept at the network equipment
At least one network packet, switching network packet, the result of output network packet conversion, and the result using conversion
The redundant safety that network packet performs is analyzed to eliminate.Additionally or alternatively, one or more modules as described herein can
, will to be interacted by performing, storing data on the computing device on computing device and/or otherwise with computing device
Processor, volatile memory, any other part of nonvolatile memory and/or physical computing devices turn from a kind of form
It is changed to another form.
Description above is provided so that others skilled in the art can be best using disclosed herein
The various aspects of illustrative embodiments.This exemplary description is not intended in detail or is confined to disclosed any essence
True form.In the case where not departing from spirit and scope of the present disclosure, many modifications and variations are possible.It is disclosed herein
Embodiment all should be considered as illustrative and not restrictive in all respects.Appended claims and its equivalent should be referred to
To determine the scope of the present disclosure.
Unless otherwise stated, the term " one " used in the present description and claims should be interpreted to mean
"...... at least one".In addition, for ease of using, the word " comprising " that uses in the present description and claims and
" with " and word "comprising" it is interchangeable and with word "comprising" with identical meanings.